Blocking IP using custom IOC feeds

Hello All,

I am trying to automatically block IPs from IOC feeds coming from ServiceNow-Secops. I can see that Check Point is able to fetch IOCs from Secops; however, it is not blocking those IPs.

I am using R80.30 (gateway and management are behind a proxy and it is standalone). I checked sk103154 and it asks me to install the script "ip_block_sk103154.tar". Unfortunately, with my access I am unable to download this script.

Re: Blocking IP using custom IOC feeds

Small Update:

I also tried blocking it from SmartConsole by uploading the .csv file as Indicators, and the IP is still not getting blocked.

Is there any limitation, such as private IPs not being blockable (though it is coming from the external interface)? I have created a rule on the firewall to allow SSH, ping and 443 from the same IP (which I am looking to block through the Anti-Bot blade).

Re: Blocking IP using custom IOC feeds

The mechanism that ioc_feeds uses is Anti-Bot and Anti-Virus. This works for blocking outbound traffic to the specified IPs from internal networks. It won't block traffic coming FROM those IPs, however. For that, you can use the scripts in sk103154.